solving c2 imports, forbidding free coaches access to imports
This commit is contained in:
Sander Roosendaal
@@ -537,9 +537,16 @@ def workout_getnkworkout_all(request,startdatestring='',enddatestring=''):
|
||||
|
||||
@login_required()
|
||||
@permission_required('rower.is_coach',fn=get_user_by_userid, raise_exception=True)
|
||||
@permission_required('rower.is_not_freecoach',fn=get_user_by_userid, raise_exception=True)
|
||||
def workout_nkimport_view(request,userid=0,after=0,before=0):
|
||||
startdate,enddate = get_dates_timeperiod(request,defaulttimeperiod='last30')
|
||||
r = getrequestrower(request,userid=userid)
|
||||
if r.user != request.user:
|
||||
print(r,r.user,request.user)
|
||||
messages.error(request,'You can only access your own workouts on the NK Logbook, not those of your athletes')
|
||||
url = reverse('workout_nkimport_view',kwargs={'userid':request.user.id})
|
||||
return HttpResponseRedirect(url)
|
||||
|
||||
try:
|
||||
thetoken = nk_open(request.user)
|
||||
except NoTokenError: # pragma: no cover
|
||||
@@ -908,8 +915,14 @@ def workout_rp3import_view(request,userid=0):
|
||||
# The page where you select which Strava workout to import
|
||||
@login_required()
|
||||
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||
@permission_required('rower.is_not_freecoach',fn=get_user_by_userid, raise_exception=True)
|
||||
def workout_stravaimport_view(request,message="",userid=0):
|
||||
r = getrequestrower(request,userid=userid)
|
||||
if r.user != request.user:
|
||||
print(r,r.user,request.user)
|
||||
messages.error(request,'You can only access your own workouts on the NK Logbook, not those of your athletes')
|
||||
url = reverse('workout_stravaimport_view',kwargs={'userid':request.user.id})
|
||||
return HttpResponseRedirect(url)
|
||||
#if r.user != request.user:
|
||||
# messages.info(request,"You cannot import other people's workouts from Strava")
|
||||
try:
|
||||
@@ -1260,6 +1273,7 @@ def garmin_details_view(request):
|
||||
# the page where you select which Polar workout to Import
|
||||
@login_required()
|
||||
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||
@permission_required('rower.is_not_freecoach',fn=get_user_by_userid, raise_exception=True)
|
||||
def workout_polarimport_view(request,userid=0): # pragma: no cover
|
||||
exercises = polarstuff.get_polar_workouts(request.user)
|
||||
workouts = []
|
||||
@@ -1318,8 +1332,14 @@ def workout_polarimport_view(request,userid=0): # pragma: no cover
|
||||
# The page where you select which SportTracks workout to import
|
||||
@login_required()
|
||||
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||
@permission_required('rower.is_not_freecoach',fn=get_user_by_userid, raise_exception=True)
|
||||
def workout_sporttracksimport_view(request,message="",userid=0):
|
||||
|
||||
r = getrequestrower(request,userid=userid)
|
||||
if r.user != request.user:
|
||||
print(r,r.user,request.user)
|
||||
messages.error(request,'You can only access your own workouts on the NK Logbook, not those of your athletes')
|
||||
url = reverse('workout_sporttracksimport_view',kwargs={'userid':request.user.id})
|
||||
return HttpResponseRedirect(url)
|
||||
|
||||
res = sporttracksstuff.get_sporttracks_workout_list(request.user)
|
||||
if (res.status_code != 200):
|
||||
@@ -1339,7 +1359,7 @@ def workout_sporttracksimport_view(request,message="",userid=0):
|
||||
return HttpResponseRedirect(url)
|
||||
|
||||
workouts = []
|
||||
r = getrower(request.user)
|
||||
|
||||
stids = [int(getidfromuri(item['uri'])) for item in res.json()['items']]
|
||||
knownstids = uniqify([
|
||||
w.uploadedtosporttracks for w in Workout.objects.filter(user=r)
|
||||
@@ -1469,9 +1489,15 @@ def workout_getrp3workout_all(request): # pragma: no cover
|
||||
# List of workouts available on Concept2 logbook - for import
|
||||
@login_required()
|
||||
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||
@permission_required('rower.is_not_freecoach',fn=get_user_by_userid, raise_exception=True)
|
||||
def workout_c2import_view(request,page=1,userid=0,message=""):
|
||||
|
||||
r = getrequestrower(request,userid=userid)
|
||||
if r.user != request.user:
|
||||
print(r,r.user,request.user)
|
||||
messages.error(request,'You can only access your own workouts on the NK Logbook, not those of your athletes')
|
||||
url = reverse('workout_c2import_view',kwargs={'userid':request.user.id})
|
||||
return HttpResponseRedirect(url)
|
||||
|
||||
try:
|
||||
thetoken = c2_open(request.user)
|
||||
@@ -1581,8 +1607,14 @@ importsources = {
|
||||
}
|
||||
|
||||
@login_required()
|
||||
@permission_required('rower.is_not_freecoach',fn=get_user_by_userid, raise_exception=True)
|
||||
def workout_getrp3importview(request,externalid):
|
||||
r = getrequestrower(request)
|
||||
if r.user != request.user:
|
||||
print(r,r.user,request.user)
|
||||
messages.error(request,'You can only access your own workouts on the NK Logbook, not those of your athletes')
|
||||
url = reverse('workout_rp3import_view',kwargs={'userid':request.user.id})
|
||||
return HttpResponseRedirect(url)
|
||||
token = rp3stuff.rp3_open(r.user)
|
||||
startdatetime = request.GET.get('startdatetime')
|
||||
|
||||
|
||||
Reference in New Issue
Block a user